Accepting request 947307 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/947307 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=64
2022-01-22 07:17:45 +00:00 · 2022-01-22 07:17:45 +00:00 · 8527fb36e0
commit 8527fb36e0
parent 87764458ef 643bc0949b
6 changed files with 54 additions and 22 deletions
--- a/expat-2.4.2.tar.xz
+++ b/expat-2.4.2.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:bc2ff58f49c29aac7bff705a6c167a821f26c512079ff08ac432fd0fdc9bb199
 size 449664
--- a/expat-2.4.2.tar.xz.asc
+++ b/expat-2.4.2.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmG/ssMACgkQliYqz/vT
 rsY0uQ//e9M41TQjjBbMKLclq093cOhqOjJZGa3lP1FKAxqbiqbgwQoakPMpPF7r
 sduLu/GBbjER2iZ0FufsOCbeNbv1i//84xhZMxloG4HXLpIsNZj69jm4pEsJW8b+
 1g2SSQGbJpL7pXo0o6XR7w8jCV5DN0yvIJce2Prtqer2BbhfYYUtf7g4MuIXpFtZ
 gUuJJkEmZQgHIa4+VRjHlg8X2r0s4LqWq3ho2q0+zfNb/TP+Q8GrPurTq6dWy85U
 SLM+RPd7I8LtJS90wwoABKtFLMmlEgNPLSpoVdTw9UHoCHc3/w9WbYU+mK9tyOtY
 5RFr8f54iwxZInMWTV9OC51uGQm+NBKKrM5IX3AIzrj5GzpvDCS0YtMYyndwix0y
 NFs2J2lg26GH+qEJu8XnDTP5BMiJvMpuDr9D1Tw1YmbWihOPSt1Nr9HRYfuxqVRQ
 FmlM9/tAE6ZmJZ13ZRgY2TPq7JC+/umh3mNN/g2ZnK+Z8To3Y/Gcz4rZDrMS9vpk
 gBimDQhJ9DY9Yj72PynuCclJwWh2S4LAayU9hKiwOfPAAKUw5EgCFF6XkRChjkeH
 WP5pUWdfofzsrPdEVawX49/6rHgE91tAuvy/FmuNaDpjjZKEu/lOp7H3BWQ7C8pI
 3vzos/do1852Ts6WsGzQ2B5/nAQoDqsxtmiU92HKxVeoagd0Tow=
 =Pxlz
 -----END PGP SIGNATURE-----
--- a/expat-2.4.3.tar.xz
+++ b/expat-2.4.3.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:b1f9f1b1a5ebb0acaa88c9ff79bfa4e145823b78aa5185e5c5d85f060824778a
 size 451012
--- a/expat-2.4.3.tar.xz.asc
+++ b/expat-2.4.3.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEy43nCpDPv2w79cxWliYqz/vTrsYFAmHkI5AACgkQliYqz/vT
 rsaDyg//Uz2cyoYU79ndQt2jI+zaq58KGhyqHt1CfjPp8jCjhTlkTcFsmE8ftzaa
 1IpI+CKyGatiFh8mIy7Pq+V9nOJkyfmp6t0QCaa/eE7ngOHAz8PDEwj4ievY1aBx
 2dvvwLLrtXaIYhj48v1/xmpCCXUL0os0BIqs6WWl6l0mE3ba1J6AITnZytp1zPy9
 NfaVxRirqA6z8n3TpMZ0FvLXGC0e9aRkE6vR+EQvHmTzdbvJhi0kXhjVIL72QR2R
 9MrpoBD+Wyq+c4wE2otqJWj5Cazb2Ri5uVsoCHGHOGRSFPW4g+7dQC+dK9O+pzQ9
 c/BlmLQTkmgkSLQbKSsFAociaKEe7ef1tXqxTEpsqqbfC9GqVKGfkDzSoigQfJbl
 sKXXZvXVj/6LxhioKTEEAHZ21Z8a2qG3Q+g4Trd7uAPIrz2wQwwkB+TF1i8HAeRy
 q8nNTPbbAmtFe2NuetyZeTaUbPHZAuxl7hH8JnsFs5vTUdP5C9xxGXU7c6xXRL1H
 qKH60WPSxNUxtaiprTrWsyaKX4z3cQRp2pp0wf1M9m4jPWPSpi8SSkZu/C3xhNIz
 U+cs3Ile+ctQSpx8R1nV3VE71NecjW7dkgnU29JkmCohpobAfWPJJMBopTNzPRCW
 JxRLuQ//kpt7OnuNsaI/Ko3MTyvmP82Ynup1u8HrfTnLTFCT3Ic=
 =26Td
 -----END PGP SIGNATURE-----
--- a/expat.changes
+++ b/expat.changes
@ -1,3 +1,35 @@
 -------------------------------------------------------------------
 Mon Jan 17 09:14:10 UTC 2022 - Dirk Müller <dmueller@suse.com>
 - update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474, 
     bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
  * CVE-2021-45960 -- Fix issues with left shifts by >=29 places
    resulting in
       a) realloc acting as free
       b) realloc allocating too few bytes
       c) undefined behavior
    depending on architecture and precise value
    for XML documents with >=2^27+1 prefixed attributes
    on a single XML tag a la
    "<r xmlns:a='[..]' a:a123='[..]' [..] />"
    where XML_ParserCreateNS is used to create the parser
    (which needs argument "-n" when running xmlwf).
    Impact is denial of service, or more.
  * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
    on variable m_groupSize in function doProlog leading
    to realloc acting as free.
    Impact is denial of service or more.
  * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
    near memory allocation at multiple places.  Mitre assigned
    a dedicated CVE for each involved internal C function:
    - CVE-2022-22822 for function addBinding
    - CVE-2022-22823 for function build_model
    - CVE-2022-22824 for function defineAttribute
    - CVE-2022-22825 for function lookup
    - CVE-2022-22826 for function nextScaffoldPart
    - CVE-2022-22827 for function storeAtts
    Impact is denial of service or more.
 -------------------------------------------------------------------
 Mon Dec 27 16:02:14 UTC 2021 - Dirk Müller <dmueller@suse.com>
--- a/expat.spec
+++ b/expat.spec
@ -1,7 +1,7 @@
 #
 # spec file for package expat
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,9 +16,9 @@
 #
-%global unversion 2_4_2
+%global unversion 2_4_3
 Name:           expat
-Version:        2.4.2
+Version:        2.4.3
 Release:        0
 Summary:        XML Parser Toolkit
 License:        MIT